Cyber Incident Victim: Human Development Center

The Human Development Center (HDC) in Duluth discovered a data breach during routine email log reviews on January 25, 2019. The investigation revealed unauthorized external access to an employee’s email account on two specific dates: January 16 and January 18, 2019. HDC determined that the account compromise exposed protected health information of clients. The compromised data included client names, dates of birth, and internal HDC identifiers such as client numbers. Additionally, descriptions of services provided by HDC and a limited number of medical procedure codes were accessed. The organization did not specify the exact number of affected individuals in the available report.

HDC conducted a review of the email account contents to identify the scope of exposed information following the breach detection. The center initiated patient notification procedures to inform clients about the potential exposure of their sensitive data. No evidence suggested misuse of the compromised information at the time of disclosure. The breach notification did not describe technical details about the attack vector or containment measures beyond the log review process. HDC’s public statement confirmed the incident type as an email account compromise without attributing it to specific threat actors or detailing remediation steps taken post-discovery. The Duluth News Tribune reported the breach on March 22, 2019, based on HDC’s disclosures.